CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,966 vulnerabilities with CWE-79
CVE-2026-22919 LOW
SICK TDC-X401GL Firmware < 1.5.0 - Authenticated Stored Cross-Site Scripting in Login Page
CVSS 3.8
CVE-2026-22913 MEDIUM
SICK TDC-X401GL Firmware < 1.5.0 - Stored Cross-Site Scripting via URL Parameter
CVSS 4.3
CVE-2026-0601 MEDIUM
Sonatype Nexus Repository 3.82.0-3.87.0 - Unauthenticated Reflected Cross-Site Scripting
CVE-2026-23497 MEDIUM
Frappe Learning Management System 2.0.0-2.44.0 - Stored Cross-Site Scripting via Image Filename
CVSS 5.4
CVE-2026-22787 MEDIUM
html2pdf.js < 0.14.0 - Cross-Site Scripting via Text Source Input
CVSS 6.1
CVE-2026-0813 MEDIUM
Short Link plugin - WordPress <1.0 - XSS
CVSS 4.4
CVE-2026-0812 MEDIUM
LinkedIn SC <= 1.1.9 - Authenticated Stored Cross-Site Scripting via Date Format and API Key Parameters
CVSS 4.4
CVE-2026-0741 MEDIUM
Electric Studio Download Counter <2.4 - XSS
CVSS 4.4
CVE-2026-0739 MEDIUM
WMF Mobile Redirector <= 1.2 - Authenticated Stored Cross-Site Scripting via Plugin Settings
CVSS 4.4
CVE-2026-0734 MEDIUM
WP Allowed Hosts <= 1.0.8 - Authenticated Stored Cross-Site Scripting via 'allowed-hosts' Parameter
CVSS 4.4
CVE-2026-0694 MEDIUM
SearchWiz <= 1.0.0 - Authenticated Stored Cross-Site Scripting via Post Titles in Search Results
CVSS 6.4
CVE-2026-0680 MEDIUM
Real Post Slider Lite <= 2.4 - Authenticated Stored Cross-Site Scripting via Plugin Settings
CVSS 4.4
CVE-2026-0594 MEDIUM
WordPress List Site Contributors <1.1.8 - XSS
CVSS 6.1
CVE-2026-20959 MEDIUM
Microsoft SharePoint Server - Cross-Site Scripting
CVSS 4.6
CVE-2026-0514 MEDIUM
SAP Business Connector - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2026-0499 MEDIUM
SAP NetWeaver Enterprise Portal - XSS
CVSS 6.1
CVE-2026-22813 MEDIUM
OpenCode < 1.1.10 - Stored Cross-Site Scripting via Markdown Renderer
CVSS 6.1
CVE-2026-22804 HIGH
Termix 1.7.0-1.9.0 - Stored Cross-Site Scripting via SVG File Preview
CVSS 8.0
CVE-2026-22033 MEDIUM
Label Studio < 1.22.0 - Stored Cross-Site Scripting via Custom Hotkeys
CVSS 5.4
CVE-2026-0824 LOW
QuestDB UI < 1.1.10 - Cross-Site Scripting in Web Console
CVSS 3.5
CVE-2026-22704 HIGH
haxcms-nodejs 11.0.6-24.9.9 - Stored Cross-Site Scripting
CVSS 8.0
CVE-2026-22610 MEDIUM
Angular < 19.2.18, 20.3.16, 21.0.7, 21.1.0-rc.0 - Cross-Site Scripting via SVG Script Href Attribute
CVSS 6.1
CVE-2026-22029 HIGH
React Router < 1.23.2 and 7.0.0-7.11.0 - Cross-Site Scripting via Open Navigation Redirect
CVSS 8.0
CVE-2026-21884 HIGH
React Router 7.0.0-7.11.0 & @remix-run/react < 2.17.3 - XSS via ScrollRestoration API
CVSS 8.2
CVE-2026-22198 MEDIUM
GestSup < 3.2.56 - Unauthenticated Stored Cross-Site Scripting via API Error Logs
CVSS 6.1
Details
Vulnerabilities 44,966
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits